1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

Manually port Steven Dannenman fix for using the correct machine domain when

looking up trust credentials in our tdb.

   commit fd0ae47046
   Author: Steven Danneman <sdanneman@isilon.com>
   Date:   Thu May 8 13:34:49 2008 -0700

      Use machine account and machine password from our domain when
      contacting trusted domains.
This commit is contained in:
Gerald W. Carter 2008-05-23 15:19:58 -05:00
parent 36ba31e39b
commit 69b37ae607
2 changed files with 6 additions and 6 deletions

View File

@ -1560,10 +1560,10 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
return true;
}
/* Just get the account for the requested domain. In the future this
* might also cover to be member of more than one domain. */
/* Here we are a domain member server. We can only be a member
of one domain so ignore the request domain and assume our own */
pwd = secrets_fetch_machine_password(domain, &last_set_time, channel);
pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);
if (pwd != NULL) {
*ret_pwd = pwd;

View File

@ -706,12 +706,12 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
/* this is at least correct when domain is our domain,
* which is the only case, when this is currently used: */
/* For now assume our machine account only exists in our domain */
if (machine_krb5_principal != NULL)
{
if (asprintf(machine_krb5_principal, "%s$@%s",
account_name, domain->alt_name) == -1)
account_name, lp_realm()) == -1)
{
return NT_STATUS_NO_MEMORY;
}